Jackson3006 | 12.09.2012 22:18 | Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert Hallo,
mein Laptop hat sich mit dem o.g. Schädling infiziert. Leider bekomme ich immer ihn nur kurz weg, sobald man wieder im Internet ist kommt er automatisch wieder. Ist aber sicher hier bekannt.
Ich habe gelesen das man mit OLT einen Scan durchführen und das Log hier posten soll: Code:
OTL Extras logfile created on: 9/12/2012 10:50:54 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = D:\Antivirus\OLT
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.75 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 71.90% Memory free
5.49 Gb Paging File | 4.61 Gb Available in Paging File | 83.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.80 Gb Total Space | 235.51 Gb Free Space | 83.87% Space Free | Partition Type: NTFS
Drive D: | 3.77 Gb Total Space | 0.15 Gb Free Space | 4.09% Space Free | Partition Type: FAT
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.71% Space Free | Partition Type: FAT32
Computer Name: MECKI-HP | User Name: Mecki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-748211811-4270470618-2428824574-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{085A087C-8559-AC21-F988-9B885923B58B}" = CCC Help Japanese
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{17BDCAD2-39E2-A44B-CDCA-6854FA71421E}" = Catalyst Control Center Localization All
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1D7DBD8E-4E22-B307-81F4-D55080B16FC7}" = ccc-utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{37D6F9FA-A5F2-3040-AF7B-78BE92957D89}" = CCC Help Thai
"{38CA1644-39F5-44EB-F200-DFC6C5E9C5A8}" = CCC Help Chinese Standard
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D833CF3-A3AE-2863-584B-3AD3A0D70981}" = CCC Help Russian
"{52AD35F5-FDA6-6E74-27E4-5EC2BD8A8B29}" = CCC Help Korean
"{52B24A16-729C-BDB9-D921-01556B19283D}" = CCC Help Greek
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{565AEE5D-35E5-0A21-02E2-3DC8CEA652FB}" = Catalyst Control Center Graphics Light
"{57115A63-203E-8864-8951-4D5864D23956}" = CCC Help Norwegian
"{572964E9-BE64-1F57-B672-4D2B7595FAA1}" = Catalyst Control Center Graphics Full Existing
"{5AE47629-FA38-4747-4CEA-1DD2983FA8BF}" = CCC Help German
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5E984B44-B441-5361-B00B-91441EE7B5B4}" = CCC Help English
"{602C75D1-0C09-D216-D83D-F3126AC24A27}" = CCC Help French
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B20C1C7-2766-DDB8-A02E-D6F9C7341864}" = CCC Help Finnish
"{7CA39252-B140-4F7D-951E-AA7F18523CFF}" = WEKA Musterbetriebsanweisungen 6.8
"{7EFEE754-EA7D-A79B-8DDA-65CADCAF1AB4}" = Catalyst Control Center InstallProxy
"{7FFAA34E-0AA6-BF03-D37C-7AC5C380CF2F}" = CCC Help Chinese Traditional
"{805F8590-510E-74AD-FC88-ADE4224B8854}" = CCC Help Polish
"{816F5E94-B7FE-43EF-B4E6-F22D40A4AFCC}" = HP User Guides 0133
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{853403A9-70A9-2C60-9E74-67BDC650E820}" = Catalyst Control Center Core Implementation
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87CA636B-85B8-4611-A81D-F97E71024AFD}" = HP Common Access Service Library
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A75B387-6A34-7FBE-3512-89809AF89524}" = CCC Help Hungarian
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F0EDF80-31C2-FA10-DEE8-BD435A5F7D61}" = ATI Catalyst Install Manager
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4FC4A7-E9E1-1EF1-104B-ECFB738A1824}" = CCC Help Italian
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9EE30AB4-1D07-7C32-106D-7AE7CEEFD1EC}" = CCC Help Spanish
"{A45AF5E2-3648-EA45-2A62-C3EA975D57D9}" = Catalyst Control Center Graphics Full New
"{A657B744-4F40-6973-D177-5FD028712702}" = ccc-core-static
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BA728FCC-0B8C-6F7F-B29C-583829D1E8BB}" = CCC Help Dutch
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CAE0E306-1B73-4FAD-B0BB-18B449DB2332}" = Borland Database Engine Installer
"{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}" = HP Setup
"{D796ABCD-73D4-F18D-CF80-9BA1BE403933}" = CCC Help Swedish
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E48D0275-B2E0-C879-4B86-506757A16DC7}" = CCC Help Turkish
"{E9B0164A-27EA-4C31-5526-867C6882B60D}" = CCC Help Czech
"{EA891D60-C20D-03C4-88CB-E4597A1753AA}" = CCC Help Portuguese
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = CPQ Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3818CCA-B7E4-2B53-F86E-2D4F195F66F3}" = CCC Help Danish
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFBDA363-A033-4F32-8DE0-AEF0F105410E}" = HP ESU for Microsoft Windows 7
"{FFDD2A4F-D0E8-420A-9C18-9A92FC415F20}" = WEKA Betreuungszeitenrechner 1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"PDF Complete" = PDF Complete Special Edition
"PDF-XChange 3_is1" = PDF-XChange 3.0
"PriceGong" = PriceGong 2.6.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WEKA Betreuungszeitenrechner 1.1" = WEKA Betreuungszeitenrechner 1.1
"WEKA DGUV VORSCHRIFT 2" = WEKA DGUV Vorschrift 2
"WEKA Musterbetriebsanweisungen 6.8" = WEKA Musterbetriebsanweisungen 6.8
"WEKA UNTERWEISUNGSDATENBANK F_R DIE SICHERHEITSFAC JUNI 2011" = WEKA Unterweisungsdatenbank für die Sicherheitsfac Juni 2011
"WEKA-Muster-Betriebsanweisungen" = WEKA-Muster-Betriebsanweisungen
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-748211811-4270470618-2428824574-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/30/2011 7:41:11 AM | Computer Name = Mecki-HP | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7600.16667 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: ee8 Startzeit: 01ccaf54e0cb14ec Endzeit: 30 Anwendungspfad:
C:\Program Files\Windows Media Player\wmplayer.exe Berichts-ID: 2cb2d761-1b48-11e1-8380-0027134a5707
Error - 12/21/2011 11:02:16 AM | Computer Name = Mecki-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912,
Zeitstempel: 0x4eb4a5ea Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
Zeitstempel: 0x4cc7ab44 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002fa7b ID des fehlerhaften
Prozesses: 0xcec Startzeit der fehlerhaften Anwendung: 0x01ccbfee9738b69b Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: c4e1396e-2be4-11e1-affa-0027134a5707
Error - 12/22/2011 9:05:49 AM | Computer Name = Mecki-HP | Source = Application Hang | ID = 1002
Description = Programm SndVol.exe, Version 6.1.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: c3c Startzeit: 01ccc0a9e5878c3c Endzeit: 43 Anwendungspfad: C:\windows\system32\SndVol.exe
Berichts-ID:
a8ae9289-2c9d-11e1-9794-0027134a5707
Error - 12/22/2011 9:06:58 AM | Computer Name = Mecki-HP | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16912 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 11c4 Startzeit: 01ccc0a4f96aa21a Endzeit: 102 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: d0ee3d24-2c9d-11e1-9794-0027134a5707
Error - 12/25/2011 3:18:28 AM | Computer Name = Mecki-HP | Source = Avira AntiVir | ID = 4118
Description =
Error - 12/30/2011 12:49:18 AM | Computer Name = Mecki-HP | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16912 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 17b0 Startzeit: 01ccc6adc746c313 Endzeit: 30 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: 9d41b0c0-32a1-11e1-b47d-0027134a5707
Error - 1/4/2012 7:25:25 AM | Computer Name = Mecki-HP | Source = ESENT | ID = 215
Description = WinMail (3900) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
[ Hewlett-Packard Events ]
Error - 9/4/2012 9:26:10 AM | Computer Name = Mecki-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 2812 Ram Utilization: TargetSite: Void UpdateAndDetect()
Error - 9/4/2012 9:26:28 AM | Computer Name = Mecki-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 2812 Ram Utilization: 30 TargetSite: Void UpdateAndDetect()
Error - 9/4/2012 9:27:32 AM | Computer Name = Mecki-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 2812 Ram Utilization: 30 TargetSite: Void UpdateAndDetect()
Error - 9/10/2012 3:05:45 AM | Computer Name = Mecki-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 2812 Ram Utilization: TargetSite: Void UpdateAndDetect()
Error - 9/11/2012 8:03:17 AM | Computer Name = Mecki-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 2812 Ram Utilization: TargetSite: Void UpdateAndDetect()
Error - 9/12/2012 2:35:51 PM | Computer Name = Mecki-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type
type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib
Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files\Hewlett-Packard\HP Support
Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 2812 Ram Utilization:
20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean,
Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)
Error - 9/12/2012 2:35:52 PM | Computer Name = Mecki-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type
type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() Source: mscorlib Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files\Hewlett-Packard\HP Support
Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 2812 Ram Utilization:
20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean,
Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)
Error - 9/12/2012 3:48:03 PM | Computer Name = Mecki-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type
type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib
Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files\Hewlett-Packard\HP Support
Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 2812 Ram Utilization:
20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean,
Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)
Error - 9/12/2012 3:48:03 PM | Computer Name = Mecki-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type
type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() Source: mscorlib Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files\Hewlett-Packard\HP Support
Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 2812 Ram Utilization:
20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean,
Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)
Error - 9/12/2012 4:29:06 PM | Computer Name = Mecki-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type
type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib
Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files\Hewlett-Packard\HP Support
Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 2812 Ram Utilization:
20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean,
Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)
[ System Events ]
Error - 9/12/2012 4:41:44 PM | Computer Name = Mecki-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 9/12/2012 4:41:44 PM | Computer Name = Mecki-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 9/12/2012 4:43:02 PM | Computer Name = Mecki-HP | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 9/12/2012 4:43:02 PM | Computer Name = Mecki-HP | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 9/12/2012 4:43:07 PM | Computer Name = Mecki-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 9/12/2012 4:43:28 PM | Computer Name = Mecki-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "McAfee Application Installer Cleanup (0034091343481525)" wurde
unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 9/12/2012 4:43:28 PM | Computer Name = Mecki-HP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
aystq kngi
Error - 9/12/2012 4:43:34 PM | Computer Name = Mecki-HP | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 10 Prozessor-ID: 0 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 9/12/2012 4:43:35 PM | Computer Name = Mecki-HP | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 0 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 9/12/2012 4:43:35 PM | Computer Name = Mecki-HP | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 0 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
< End of report > Code:
OTL logfile created on: 9/12/2012 10:50:54 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = D:\Antivirus\OLT
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.75 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 71.90% Memory free
5.49 Gb Paging File | 4.61 Gb Available in Paging File | 83.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.80 Gb Total Space | 235.51 Gb Free Space | 83.87% Space Free | Partition Type: NTFS
Drive D: | 3.77 Gb Total Space | 0.15 Gb Free Space | 4.09% Space Free | Partition Type: FAT
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.71% Space Free | Partition Type: FAT32
Computer Name: MECKI-HP | User Name: Mecki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - D:\Antivirus\OLT\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Mecki\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\STacSV.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\aestsrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - \\?\C:\windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\PdfTracker\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Users\Mecki\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll ()
MOD - C:\Program Files\PdfTracker\pdfSaver\fm30xmf.dll ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\STacSV.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\aestsrv.exe (Andrea Electronics Corporation)
SRV - (0034091343481525mcinstcleanup) -- C:\Users\Mecki\AppData\Local\Temp\003409~1.EXE (McAfee, Inc.)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
========== Driver Services (SafeList) ==========
DRV - (kngi) -- System32\drivers\fmnvuov.sys File not found
DRV - (aystq) -- System32\drivers\cfofumkr.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{77409DB1-BC1B-4652-8DC9-83C158577578}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\..\SearchScopes,DefaultScope = {77409DB1-BC1B-4652-8DC9-83C158577578}
IE - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE453
IE - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\..\SearchScopes\{77409DB1-BC1B-4652-8DC9-83C158577578}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\..\SearchScopes\{EAC86613-3366-472A-9BC7-8F7A1C5E7E76}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=50e6e1f5-1d28-409c-af45-8916e5c26e24&apn_sauid=83F16D09-E391-44C6-A96C-424ACAE4D9B5
IE - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:1.7.5
FF - prefs.js..extensions.enabledAddons: {9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}:1.0
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.6
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.4.100013
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=50e6e1f5-1d28-409c-af45-8916e5c26e24&apn_ptnrs=^ABT&apn_sauid=83F16D09-E391-44C6-A96C-424ACAE4D9B5&apn_dtid=^YYYYYY^YY^DE&&q="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 17:01:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Mecki\AppData\Roaming\01001.067 [2012/07/09 17:04:48 | 000,000,000 | ---D | M]
[2011/05/10 17:01:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\Extensions
[2012/07/30 16:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\Firefox\Profiles\vr29bvcg.default\extensions
[2012/07/17 12:56:20 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Mecki\AppData\Roaming\mozilla\Firefox\Profiles\vr29bvcg.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012/07/28 15:23:38 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Mecki\AppData\Roaming\mozilla\Firefox\Profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com
[2012/07/17 12:56:09 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Mecki\AppData\Roaming\mozilla\Firefox\Profiles\vr29bvcg.default\extensions\plugin@yontoo.com
[2012/08/04 11:44:06 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Mecki\AppData\Roaming\mozilla\Firefox\Profiles\vr29bvcg.default\extensions\toolbar@ask.com
[2012/04/20 21:42:53 | 000,565,918 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\toolbar@gmx.net.xpi
[2012/07/28 16:03:10 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2012/08/14 09:55:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire
[2012/08/14 09:55:15 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire
[2012/08/04 11:44:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e74403c227112bec523796d5a77d77e_expire
[2012/08/04 11:44:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire
[2012/08/14 09:55:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire
[2012/08/14 09:55:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012/08/14 09:55:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire
[2012/08/14 09:55:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire
[2012/08/14 09:55:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9803c283e94e743374151c4bbe60a5df_expire
[2012/08/14 09:55:13 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire
[2012/08/14 09:55:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire
[2012/08/04 11:44:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d2458fd784f4eb7cff549c598cd14651_expire
[2012/08/14 09:55:13 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire
[2012/08/14 09:55:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012/08/14 09:55:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2012/08/14 09:55:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012/08/14 09:55:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2012/08/14 09:55:11 | 000,002,413 | ---- | M] () -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\searchplugins\askcom.xml
[2012/07/17 12:48:26 | 000,002,792 | ---- | M] () -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\searchplugins\Plusnetwork.xml
[2012/04/04 14:43:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/04/04 14:43:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/05/10 17:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions
[2011/05/10 17:01:13 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files\mozilla firefox\distribution\extensions\toolbar@gmx.net
[2012/07/09 17:04:48 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\MECKI\APPDATA\ROAMING\01001.067
[2011/03/18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/18 11:02:13 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=50e6e1f5-1d28-409c-af45-8916e5c26e24&apn_ptnrs=%5EABT&apn_sauid=83F16D09-E391-44C6-A96C-424ACAE4D9B5&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - homepage: hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Mecki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Avira Toolbar = C:\Users\Mecki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.24169_0\
CHR - Extension: PriceGong = C:\Users\Mecki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.6_0\
CHR - Extension: Yontoo = C:\Users\Mecki\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.6\PriceGongIE.dll (PriceGong)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [pdfSaver3] File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-748211811-4270470618-2428824574-1002..\Run: [pdfSaver3] C:\Program Files\PdfTracker\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
O4 - HKU\S-1-5-21-748211811-4270470618-2428824574-1002..\Run: [SearchIndexer] C:\Users\Mecki\AppData\Local\Microsoft\Windows\3889\SearchIndexer.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Mecki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Mecki\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE572A88-ABB5-4727-A9C6-C5414E065A94}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F539003D-377E-40A4-892D-931AA44CCB7D}: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/09/12 22:43:17 | 000,000,000 | ---D | C] -- C:\Users\Mecki\AppData\Roaming\hellomoto
[2012/09/12 13:27:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\RNDISMP.sys
[2012/09/12 13:27:20 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2012/09/12 13:27:20 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 13:27:19 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2012/09/10 18:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/16 13:32:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/08/16 13:32:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/08/16 13:32:38 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/08/16 13:32:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/08/16 13:32:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/08/16 13:32:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/08/16 13:32:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/08/16 12:40:55 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll
[2012/08/16 12:40:50 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/08/16 12:40:48 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll
[1 C:\Users\Mecki\AppData\Roaming\*.tmp files -> C:\Users\Mecki\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
File not found -- C:\windows\System32\
[2012/09/12 22:53:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/12 22:50:33 | 000,019,536 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/12 22:50:33 | 000,019,536 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/12 22:50:21 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/09/12 22:50:21 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/12 22:50:21 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/09/12 22:50:21 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/12 22:43:07 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/12 22:43:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/12 22:42:53 | 2212,126,720 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/12 22:21:11 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/12 20:43:00 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/10 18:09:14 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/05 08:21:04 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/28 12:40:02 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/08/28 12:40:02 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/08/22 19:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2012/08/22 19:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2012/08/16 17:16:24 | 000,456,200 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[1 C:\Users\Mecki\AppData\Roaming\*.tmp files -> C:\Users\Mecki\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
File not found -- C:\windows\System32\
[2012/07/27 13:50:58 | 004,503,728 | ---- | C] () -- C:\ProgramData\zak_lo0i7g.pad
[2012/07/06 13:37:57 | 000,000,051 | ---- | C] () -- C:\Users\Mecki\AppData\Roaming\blckdom.res
[2012/03/03 11:42:43 | 000,000,345 | ---- | C] () -- C:\windows\SHISETUP.SYS
[2012/01/11 12:21:47 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{8d0df1b8-f6ef-c167-261f-af182487fdbf}\@
[2012/01/11 12:21:47 | 000,002,048 | -HS- | C] () -- C:\Users\Mecki\AppData\Local\{8d0df1b8-f6ef-c167-261f-af182487fdbf}\@
[2011/04/12 16:37:49 | 000,001,849 | ---- | C] () -- C:\Users\Mecki\AppData\Roaming\GhostObjGAFix.xml
[2011/03/14 18:37:27 | 000,000,028 | ---- | C] () -- C:\Users\Mecki\MUSTERBA.INI
[2011/01/19 14:56:03 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/01/19 14:56:03 | 000,000,034 | ---- | C] () -- C:\windows\System32\BD2030.DAT
[2010/12/18 16:55:34 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010/12/18 16:55:31 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010/12/18 16:55:31 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010/12/18 16:55:31 | 000,027,184 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2010/12/18 16:55:31 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/12/18 16:55:30 | 000,203,312 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[2010/12/18 16:53:14 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
========== LOP Check ==========
[2012/07/06 13:38:08 | 000,000,000 | ---D | M] -- C:\Users\Mecki\AppData\Roaming\01001.064
[2012/07/07 17:01:25 | 000,000,000 | ---D | M] -- C:\Users\Mecki\AppData\Roaming\01001.065
[2012/07/08 13:53:36 | 000,000,000 | ---D | M] -- C:\Users\Mecki\AppData\Roaming\01001.066
[2012/07/09 17:04:48 | 000,000,000 | ---D | M] -- C:\Users\Mecki\AppData\Roaming\01001.067
[2012/09/12 22:53:20 | 000,000,000 | ---D | M] -- C:\Users\Mecki\AppData\Roaming\BrowserCompanion
[2012/09/12 22:43:17 | 000,000,000 | ---D | M] -- C:\Users\Mecki\AppData\Roaming\hellomoto
[2012/07/06 13:37:20 | 000,000,000 | ---D | M] -- C:\Users\Mecki\AppData\Roaming\kock
[2012/07/09 06:58:50 | 000,000,000 | ---D | M] -- C:\Users\Mecki\AppData\Roaming\UAs
[2012/07/09 06:59:05 | 000,000,000 | ---D | M] -- C:\Users\Mecki\AppData\Roaming\xmldm
[2012/09/12 15:00:23 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2011/01/19 18:29:24 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009/07/27 10:31:13 | 000,000,000 | -HSD | M] -- C:\boot
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/01/06 00:53:07 | 000,000,000 | ---D | M] -- C:\EFI
[2010/01/06 02:03:34 | 000,000,000 | -H-D | M] -- C:\hp
[2012/04/08 11:35:33 | 000,000,000 | ---D | M] -- C:\HP_RECOVERY_mountHPSF
[2010/12/31 14:52:12 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/09/10 09:16:42 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/07/28 16:05:37 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012/06/19 17:20:56 | 000,000,000 | ---D | M] -- C:\swsetup
[2012/09/12 22:53:03 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/12/18 17:00:39 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2010/12/18 16:48:18 | 000,000,000 | R--D | M] -- C:\Users
[2012/09/12 22:41:09 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2009/10/06 08:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009/10/06 07:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
< MD5 for: IASTORV.SYS >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: USER32.DLL >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2012/02/07 18:35:31 | 000,000,028 | ---- | M] () -- C:\Users\Mecki\MUSTERBA.INI
[2012/09/12 23:07:45 | 002,621,440 | -HS- | M] () -- C:\Users\Mecki\ntuser.dat
[2012/09/12 23:07:45 | 000,262,144 | -HS- | M] () -- C:\Users\Mecki\ntuser.dat.LOG1
[2010/12/18 16:48:19 | 000,000,000 | -HS- | M] () -- C:\Users\Mecki\ntuser.dat.LOG2
[2012/07/03 13:09:15 | 000,065,536 | -HS- | M] () -- C:\Users\Mecki\ntuser.dat{0f8fba69-c4f3-11e1-b583-0027134a5707}.TM.blf
[2012/07/03 13:09:15 | 000,524,288 | -HS- | M] () -- C:\Users\Mecki\ntuser.dat{0f8fba69-c4f3-11e1-b583-0027134a5707}.TMContainer00000000000000000001.regtrans-ms
[2012/07/03 13:09:15 | 000,524,288 | -HS- | M] () -- C:\Users\Mecki\ntuser.dat{0f8fba69-c4f3-11e1-b583-0027134a5707}.TMContainer00000000000000000002.regtrans-ms
[2012/04/02 20:56:24 | 000,065,536 | -HS- | M] () -- C:\Users\Mecki\ntuser.dat{30bfeede-7ce7-11e1-869e-c417fe3a7562}.TM.blf
[2012/04/02 20:56:24 | 000,524,288 | -HS- | M] () -- C:\Users\Mecki\ntuser.dat{30bfeede-7ce7-11e1-869e-c417fe3a7562}.TMContainer00000000000000000001.regtrans-ms
[2012/04/02 20:56:24 | 000,524,288 | -HS- | M] () -- C:\Users\Mecki\ntuser.dat{30bfeede-7ce7-11e1-869e-c417fe3a7562}.TMContainer00000000000000000002.regtrans-ms
[2010/12/19 15:16:38 | 000,065,536 | -HS- | M] () -- C:\Users\Mecki\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/12/19 15:16:38 | 000,524,288 | -HS- | M] () -- C:\Users\Mecki\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/12/19 15:16:38 | 000,524,288 | -HS- | M] () -- C:\Users\Mecki\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/07/27 09:37:06 | 000,000,020 | -HS- | M] () -- C:\Users\Mecki\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report > Ich hoffe ihr könnt mir helfen...
Gruß
Jackson
*** push *** |